Global ETD Search

11	An Analysis of the Size and Impact of Digital Footprints Maxwell, Whitney Nielsen 01 December 2017 (has links) Personal information available online is known as a digital footprint. While many have a digital footprint, few if any, know what it encapsulates or how to control it. Technology and personal information are becoming more intertwined as technology becomes more integrated with everyday activities. Personal information can be defined as details that apply to a person such as race or shopping habits. Shopping habits are considered personal information by many corporations who spend money to track, or even predict purchases of individuals, whereas more traditional forms of personal information are details like gender, birthdate, and home town. With a wide breadth of personal information available, not all of it is equally valuable or personally unique. This project is dedicated to determining the content and size of a digital footprint, and assessing its impact for an individual by defining the discoverability of that content. information security digital footprint personal information information privacy Systems Engineering
12	Discovering Constructs and Dimensions for Information Privacy Metrics Dayarathna, Rasika January 2013 (has links) Privacy is a fundamental human right. During the last decades, in the information age, information privacy has become one of the most essential aspects of privacy. Information privacy is concerned with protecting personal information pertaining to individuals. Organizations, which frequently process the personal information, and individuals, who are the subjects of the information, have different needs, rights and obligations. Organizations need to utilize personal information as a basis to develop tailored services and products to their customers in order to gain advantage over their competitors. Individuals need assurance from the organizations that their personal information is not changed, disclosed, deleted or misused in any other way. Without this guarantee from the organizations, individuals will be more unwilling to share their personal information. Information privacy metrics is a set of parameters used for the quantitative assessment and benchmark of an organization’s measures to protect personal information. These metrics can be used by organizations to demonstrate, and by individuals to evaluate, the type and level of protection given to personal information. Currently, there are no systematically developed, established or widely used information privacy metrics. Hence, the purpose of this study is to establish a solid foundation for building information privacy metrics by discovering some of the most critical constructs and dimensions of these metrics. The research was conducted within the general research strategy of design science and by applying research methods such as data collection and analysis informed by grounded theory as well as surveys using interviews and questionnaires in Sweden and in Sri Lanka. The result is a conceptual model for information privacy metrics including its basic foundation; the constructs and dimensions of the metrics. / <p>At the time of the doctoral defense, the following paper was unpublished and had a status as follows: Paper 6: Accepted.</p> Information privacy Privacy metrics Data protection Personal information
13	Big browser is watching you : How Information Privacy Concerns and Involvement affect Purchase Intentions in Online Personalized Advertising Karlsson, Malin, Karlsson, Sandra, Malmberg, Amanda January 2015 (has links) Authors: Malin Karlsson, Sandra Karlsson, Amanda Malmberg Tutor: Dr. Setayesh Sattari Examiner: Prof. Anders Pehrsson Background: Consumers increasingly purchase products online due to the widespread use of the Internet. The decision for consumers to purchase online is predicted by their purchase intentions, which in turn is affected by their information privacy concerns. There is a lack of research on IPC and purchase intentions in the context of online personalized advertising. Purpose: To extend the understanding of purchase intentions considering information privacy concerns and involvement in the context of online personalized advertising. Methodology: A survey in form of a questionnaire was conducted in order to gather the information necessary to be able to analyse the relationship between IPC and purchase intentions in the context of online personalized advertising. The sample consists of 18-70 year olds from cities in southern Sweden. Conclusion: Conclusions drawn in this thesis is that when applied in the context of online personalized advertising, there is no significant relationship between IPC and purchase intentions. However, involvement is suggested as having a positive relationship to purchase intentions, as well as a positive moderating effect on the relationship between IPC and purchase intention in the context of online personalized advertising. Keywords: Purchase intentions, Information privacy concerns (IPC), Online personalized advertising, Involvement. Purchase intentions Information privacy concerns (IPC) Online personalized advertising Involvement
14	Oblivion on the Web: an Inquiry of User Needs and Technologies Novotny, Alexander, Spiekermann, Sarah 04 1900 (has links) (PDF) Unlimited retention of personal information on the web may harm individuals: employers can find youthful indiscretions on social media, and incorrectly low credit scores may haunt individuals for a lifetime. Currently, Europe revives the "right to erasure" as a first step towards a forgetting web. Early technologies implementing oblivion suffer from vulnerabilities and narrowly assume that users require information to be erased after a pre-determined time. But little is known about users' actual oblivion needs. A first study shows that users desire control over disclosed personal information to reduce pre-disclosure privacy concerns, and to delete harmful information after disclosure. In the long run, users have a need for dissociating from obsolete information that represents their past identity. A second study analyses whether oblivion-enhancing technologies (OETs) currently deployed in online services satisfy users' needs. While not all services give users assurance that disclosed information can be erased again, most provide users with some active control. But to manage the increasing volume of personal information stored, users would also require "intelligent" support with oblivion. Intelligent agents that keep track of disclosed information long-term could automatically safeguard users from information relating to a past episode in life surfacing unexpectedly. (authors' abstract)
15	Effects on analysis arising from confidentialising data using random rounding : master's thesis in statistics, University of Canterbury / Chen, Xiangyin January 1900 (has links) Thesis (M. Sc.)--University of Canterbury, 2009. / Typescript (photocopy). Includes bibliographical references (leaves 91-92). Also available via the World Wide Web.
16	DIFFERENTIAL PRIVACY IN DISTRIBUTED SETTINGS Zitao Li (14135316) 18 November 2022 (has links) <p>Data is considered the "new oil" in the information society and digital economy. While many commercial activities and government decisions are based on data, the public raises more concerns about privacy leakage when their private data are collected and used. In this dissertation, we investigate the privacy risks in settings where the data are distributed across multiple data holders, and there is only an untrusted central server. We provide solutions for several problems under this setting with a security notion called differential privacy (DP). Our solutions can guarantee that there is only limited and controllable privacy leakage from the data holder, while the utility of the final results, such as model prediction accuracy, can be still comparable to the ones of the non-private algorithms.</p> <p><br></p> <p>First, we investigate the problem of estimating the distribution over a numerical domain while satisfying local differential privacy (LDP). Our protocol prevents privacy leakage in the data collection phase, in which an untrusted data aggregator (or a server) wants to learn the distribution of private numerical data among all users. The protocol consists of 1) a new reporting mechanism called the square wave (SW) mechanism, which randomizes the user inputs before sharing them with the aggregator; 2) an Expectation Maximization with Smoothing (EMS) algorithm, which is applied to aggregated histograms from the SW mechanism to estimate the original distributions.</p> <p><br></p> <p>Second, we study the matrix factorization problem in three federated learning settings with an untrusted server, i.e., vertical, horizontal, and local federated learning settings. We propose a generic algorithmic framework for solving the problem in all three settings. We introduce how to adapt the algorithm into differentially private versions to prevent privacy leakage in the training and publishing stages.</p> <p><br></p> <p>Finally, we propose an algorithm for solving the k-means clustering problem in vertical federated learning (VFL). A big challenge in VFL is the lack of a global view of each data point. To overcome this challenge, we propose a lightweight and differentially private set intersection cardinality estimation algorithm based on the Flajolet-Martin (FM) sketch to convey the weight information of the synopsis points. We provide theoretical utility analysis for the cardinality estimation algorithm and further refine it for better empirical performance.</p> Data and information privacy Differential Privacy federated learning applications
17	Analyzing and Improving Security-Enhanced Communication Protocols Weicheng Wang (17349748) 08 November 2023 (has links) <p dir="ltr">Security and privacy are one of the top concerns when experts select for communication protocols. When a protocol is confirmed with problems, such as leaking users’ privacy, the protocol developers will upgrade it to an advanced version to cover those concerns in a short interval, or the protocol will be discarded or replaced by other secured ones. </p><p dir="ltr">There are always communication protocols failing to protect users’ privacy or exposing users’ accounts under attack. A malicious user or an attacker can utilize the vulnerabilities in the protocol to gain private information, or even take control of the users’ devices. Hence, it is important to expose those protocols and improve them to enhance the security properties. Some protocols protect users’ privacy but in a less efficient way. Due to the new cryptography technique or the modern hardware support, the protocols can be improved with less overhead and enhanced security protection. </p><p dir="ltr">In this dissertation, we focus on analyzing and improving security-enhanced communication protocols in three aspects: </p><p dir="ltr">(1) We systematically analyzed an existing and widely used communication protocol: Zigbee. We identified the vulnerabilities of the existing Zigbee protocols during the new device joining process and proposed a security-enhanced Zigbee protocol. The new protocol utilized public-key primitives with little extra overhead with capabilities to protect against the outsourced attackers. The new protocol is formally verified and implemented with a prototype. </p><p dir="ltr">(2) We explored one type of communication detection system: Keyword-based deep packet inspection. The system has several protocols, such as BlindBox, PrivDPI, PE-DPI, mbTLS, and so on. We analyzed those protocols and identified their vulnerabilities or inefficiencies. To address those issues, we proposed three enhanced protocols: MT-DPI, BH-DPI, and CE-DPI which work readily with AES-based encryption schemes deployed and well-supported by AES-NI. Specifically, MT-DPI utilized multiplicative triples to support multi-party computation. </p><p dir="ltr">(3) We developed a technique to support Distributed confidential computing with the use of a trusted execution environment. We found that the existing confidential computing cannot handle multiple-stakeholder scenarios well and did not give reasonable control over derived data after computation. We analyzed six real use cases and pointed out what is missing in the existing solutions. To bridge the gap, we developed a language SeDS policy that was built on top of the trusted execution environment. It works well for specific privacy needs during the collaboration and gives protection over the derived data. We examined the language in the use cases and showed the benefits of applying the new policies.</p> Data and information privacy Data security and protection security privacy communication protocol
18	On digital forensic readiness for information privacy incidents Reddy, Kamil 26 September 2012 (has links) The right to information privacy is considered a basic human right in countries that recognise the right to privacy. South Africa, and other countries that recognise this right, offer individuals legal protections for their information privacy. Individuals, organisations and even governments in these countries often have an obligation under such laws to protect information privacy. Large organisations, for example, multinational companies and government departments are of special concern when it comes to protecting information privacy as they often hold substantial amounts of information about many individuals. The protection of information privacy, therefore, has become ever more significant as technological advances enable information privacy to be breached with increasing ease. There is, however, little research on holistic approaches to protecting information privacy in large organisations. Holistic approaches take account of both technical and non-technical factors that affect information privacy. Nontechnical factors may include the management of information privacy protection measures and other factors such as manual business processes and organisational policies. Amongst the protections that can be used by large organisations to protect information privacy is the ability to investigate incidents involving information privacy. Since large organisations typically make extensive use of information technology to store or process information, such investigations are likely to involve digital forensics. Digital forensic investigations require a certain amount of preparedness or readiness for investigations to be executed in an optimal fashion. The available literature on digital forensics and digital forensic readiness (DFR), unfortunately, does not specifically deal with the protection of information privacy, which has requirements over and above typical digital forensic investigations that are more concerned with information security breaches. The aim of this thesis, therefore, is to address the lack of research into DFR with regard to information privacy incidents. It adopts a holistic approach to DFR since many of the necessary measures are non-technical. There is, thus, an increased focus on management as opposed to specific technical issues. In addressing the lack of research into information privacy-specific DFR, the thesis provides large organisations with knowledge to better conduct digital forensic investigations into information privacy incidents. Hence, it allows for increased information privacy protection in large organisations because investigations may reveal the causes of information privacy breaches. Such breaches may then be prevented in future. The ability to conduct effective investigations also has a deterrent effect that may dissuade attempts at breaching information privacy. This thesis addresses the lack of research into information privacy-specific DFR by presenting a framework that allows large organisations to develop a digital forensic readiness capability for information privacy incidents. The framework is an idealistic representation of measures that can be taken to develop such a capability. In reality, large organisations operate within cost constraints. We therefore also contribute by showing how a cost management methodology known as time-driven activity-based costing can be used to determine the cost of DFR measures. Organisations are then able to make cost versus risk decisions when deciding which measures in the framework they wish to implement. Lastly, we introduce the concept of a digital forensics management system. The management of DFR in a large organisation can be a difficult task prone to error as it involves coordinating resources across multiple departments and organisational functions. The concept of the digital forensics management system proposed here allows management to better manage DFR by providing a central system from which information is available and control is possible. We develop an architecture for such a system and validate the architecture through a proof-of-concept prototype. / Thesis (PhD)--University of Pretoria, 2012. / Computer Science / unrestricted Information privacy Information privacy management Digital forensics Digital forensic readiness Digital forensic readiness management Privacy Time-driven activity-based costing UCTD
19	公務機關比對個人資料對資訊隱私權之可能影響 / Information Privacy Issues under the Data-matching Programs in Public Sector 王怡人, Wang, Yi-Ren Unknown Date (has links) 隨著政府給付行政功能日益加重，公部門掌握個人資訊之機會與能力快速成長。以現今之資訊科技，各公務機關分別持有之檔案，可輕易在極短時間內經由傳輸、串連、比對而彙整為相當完整之個人資料檔，使得政府有機會成為社會上最龐大個人資料庫之擁有者。如能妥慎運用，不但可以提升行政效能，建立政府一體形象，且能積極實現人民權益，形成政府與人民雙贏。反之，漫無限制之資料比對則可能侵害人民之資訊隱私權。所謂「資訊隱私權」係指個人可自行決定是否將自身資料公開或供特定使用之權利。我國大法官於2005年9月28日作出之釋字第603號解釋有完整之闡釋，指出其係受憲法第22條所保障之基本權利。然而憲法對其保障並非絕對，必要時，國家仍得基於公益之必要，在符合法律保留、法律明確及比例原則之條件下予以限制，但應在組織與程序上對於個人資料採行必要之防護措施。就公務機關執行個人資料比對業務而言，值得探討之處在於法律保留、法律明確原則是否落實，以及組織與程序上之防護措施是否妥適。本論文以「歷史解釋」方法解析資訊隱私權之意義，以「比較法制」方法討論其憲法基礎，以及各國為保護此權利所制訂之資料比對法規。最後，經由「文獻分析」方法，整理學術論文、著作、法規、函釋及實務案例後，對我國公務機關比對個人資料之法制規範以及組織與程序提出建議。具體建議包括：於個資法中明定公務機關執行個人資料比對應盡之程序義務，對於資料之使用確實遵行合目的原則，儘可能以作用法為依據，不應僅憑組織法行之；參與比對之機關內部應設專責組織，推動「自我審查」機制，另於外部設督導單位，監督各機關比對業務之進行，同時藉重資訊科技協助正當程序之落實。資訊隱私權資料比對 information privacy data matching
20	Privacy exposure on WeChat from users' perspective : A study among the university students in China Liu, XiaoTong January 2019 (has links) In 21st century, social media has become one necessary part in people’s life, different kinds of social media emerge in endlessly. In younger generation, it is popular to use social media as a communication tool to get closer to each other. During using social media, it is important to have awareness to protect their personal information. Comparing with Western countries, the topic of privacy is not often discussed in China and some privacy issues might be ignored due to people have not enough knowledge in this area. In this study, the focus is to investigate Chinese university students’ perception of privacy risks and WeChat personal information exposure. Based on this, this study also explores the users’ attitudes toward WeChat and how it influences the future usage of it. The adopted research method is qualitative research method, by doing interviews with 15 students from different school, city and major. From the study, eight essential concepts are used to answer two research questions. Though analysis, the situation of the privacy perception can be found, the reasons and attitudes toward WeChat are also figured out. At the end of the thesis, the contribution of this study and suggestions to future research are shown. SNS WeChat Security awareness Information privacy Risk perception Information Systems

Search results